What is the difference between selections

What is the difference between the following 3 config selections that Comodo Internet Security allows?

  1. Firewall Security
  2. Internet security
  3. Proactive Security

Just looking for a basic idea, and what the benefits/drawbacks might be of operating in each mode.

The Internet and Proactive Security are the Firewall with the anti virus added.

The Proactive Security configuration is more secure but will produce more alerts than the Internet Security configuration.

How would you describe yourself as user? What do you expect from the firewall; how customisable do you want it?

Thanks, I guess I’ll just run it in internet security mode then. I am an average user, have used several different firewalls but never tried to install my own rules except on an early edition of Norton. That might be fun to try with Comodo, but I am afraid I might mess up the security.

I like the flexibility of Comodo; it seemed a little difficult to understand at first, but soon became familiar. But I could see how a novice could be overwhelmed by all the options and different screens.

I think there were two items that were identified when I ran it thru some internet firewall tests to be sure it was working properly; one was a low number port address that was blocked (i.e., not stealthed), and the other was that my browser referral address was allowed to go out and be read. Maybe these things could be fixed, I’m not even sure the second item is the firewall’s responsibility, and not sure how important it is. But overall it did very well in the tests I ran; no open ports that I am aware of, and all common ports stealthed.

I hope this makes some sense to you, as I am not really up to speed on all of this, and I may be off-base with some of it. Thanks again for your help.

Do you have a router? If so, then that website that you tested with scanned your router, not your PC firewall.

It’s not important and just like you thought, it’s a job for the browser, not a security program. Like cookies, referrers fall under the privacy concern. Overall, it’s recommended not to disable referrer because it wrecks more websites than it shields you from their data tracking. It would be tediously time-consuming to pick and choose which websites are to be blocked / allowed.

I thought the referral address might be the responsibility of the browser, as you have confirmed. Yes, I do have a router - guess that’s the problem with the blocked port then. I know I did change the port defense to a higher level, I think it was the setting where Comodo blocked all incoming and stealthed all ports and then couldn’t get my browser to respond properly, can’t remember all the details.

While I was screwing around I put the firewall on disabled, and then didn’t remember to put it back to the default level. Assuming I didn’t miss something one recommendation I have then is to set a highly visible warning flag or color the system tray ICON full red when the firewall is disabled. Seems like sometimes I would go back to the stealth ports wizard and it would be on the default (i.e., define a new trusted network and default for everyone else), and another time it was disabled. Not sure how this works, and would appreciate a simple explanation for when a Linksys router is being used.

Thanks for your continued help getting this set up.

I set my browser .exe’s to apply the Firewall’s Predefined Policy of “Web Browser”, which has been pre-set to allow only the necessary connections. I would screen shot them here for you, but I’m not at home right now :).

This has been in the wishlist numerous times, and was actually already implemented in CIS v2. I also favour this idea. Hopefully this along with other GUI wishes will be granted in the next major update.

Seems like sometimes I would go back to the stealth ports wizard and it would be on the default (i.e., define a new trusted network and default for everyone else), and another time it was disabled. Not sure how this works
I'm not sure either since I don't use the wizard myself (I like to be the wizard by manually configuring my own rules), but I do know it basically changes the default global firewall rules. Maybe Eric can explain :P

The Stealth Ports Wizard changes Global Rules and the application rule for System. The wizard does not reflect the actual setting of your Global Rules and the rule for System.

Following is a little tutorial on opening ports. Let me know if that clears things up for you or not.

The default Global Rules changed from being alerted for incoming traffic on a per case basis to a general block of all incoming traffic (default Stealth).

There are two ways to go here.

  • Use the Stealth Ports Wizard to go back to the old situation. Go to Firewall → Common Tasks → Stealth Ports Wizard → select “Alert me to incoming connections - stealth my ports on a per-case basis” → Finish
  • Open the needed ports in Global Rules following:
    To open the port TCP 1723 for example

First step is to determine the MAC or Physical address of your network connector. Go to Start → Run → cmd → enter → a black box will show up and enter the following → ipconfig /all (notice the space before /all) → enter → now look up the Physical address and write it down.

Notice that Physical address = MAC address

Firewall → Advanced → Network Security policy → Global Rules → Add → fill in the following:
Action: Allow
Protocol: TCP
Direction: In
Description: Incoming Port

Source address: Any
Destination Address: Choose MAC address and fill in the found MAC/Physical address
Source Port: Any
Destination Port: 1723

Then push Apply → Now make sure that the new rule is somewhere above the basic block rule(s) at the bottom (the block rules have red icons); you can drag and drop the rules → Ok.
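
An added example, not part of the original thread and not Comodo's code: a simplified Python model of an ordered rule list, assuming rules are checked top to bottom and the first match decides, which is why the new Allow rule has to sit above the block rules. Rule, evaluate, shadowed, the "Block all incoming" rule and the sample packets are constructed for illustration; the destination MAC address condition is left out of the model.

```python
# Simplified model of an ordered rule list (assumption: top-down, first match
# wins). This is not Comodo's code; all names and rules are constructed.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                      # "Allow" or "Block"
    protocol: str                    # "TCP", "UDP", or "IP" for any protocol
    direction: str                   # "In" or "Out"
    dst_port: Optional[int] = None   # None means Any
    description: str = ""

    def matches(self, pkt):
        return (self.direction == pkt["direction"]
                and self.protocol in ("IP", pkt["protocol"])
                and self.dst_port in (None, pkt["dst_port"]))


def evaluate(rules, pkt, default="Block"):
    """Return (action, description) of the first rule that matches pkt."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.description
    return default, "no rule matched"


def shadowed(rules):
    """List Allow rules that sit below a broader Block rule and never fire."""
    dead = []
    for i, rule in enumerate(rules):
        if rule.action != "Allow":
            continue
        for earlier in rules[:i]:
            if (earlier.action == "Block"
                    and earlier.direction == rule.direction
                    and earlier.protocol in ("IP", rule.protocol)
                    and earlier.dst_port in (None, rule.dst_port)):
                dead.append(rule.description)
                break
    return dead


# Constructed rule sets: the rule from the post plus a block-all-incoming rule.
ALLOW_1723 = Rule("Allow", "TCP", "In", 1723, "Incoming Port")
BLOCK_IN = Rule("Block", "IP", "In", None, "Block all incoming")
GOOD_ORDER = [ALLOW_1723, BLOCK_IN]   # allow rule above the block rule
BAD_ORDER = [BLOCK_IN, ALLOW_1723]    # allow rule below it: never reached

PKT_1723 = {"direction": "In", "protocol": "TCP", "dst_port": 1723}
PKT_445 = {"direction": "In", "protocol": "TCP", "dst_port": 445}
```

With GOOD_ORDER only TCP 1723 is let in and every other incoming port still hits the block rule; shadowed() flags the misordered list in which the new rule would have no effect.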

I don’t understand why opening a port would help my situation - seems like it would make me more vulnerable to attacks. Can you please explain?

I gave a general description about how things work in the old and new default settings focussed on opening ports (as that is a very common question we get here).

Yes, opening ports makes you more vulnerable but it is a limited risk. It is only a thing to do when a program requires it.

The Stealth Ports Wizard changes Global Rules and the application rule for System. The wizard does not reflect the actual setting of your Global Rules and the rule for System. To know if CIS is set to the new Default Stealth or to the old school "being asked to allow incoming traffic on a per case basis" you need to look at the Global Rules to tell.

The above only leads us astray from your initial questions.

For the record. Is your browser still suffering from this unresponsiveness? Can you describe in more detail what is working and what not and when it happens?

While I was screwing around I put the firewall on disabled, and then didn't remember to put it back to the default level. Assuming I didn't miss something one recommendation I have then is to set a highly visible warning flag or color the system tray ICON full red when the firewall is disabled. Seems like sometimes I would go back to the stealth ports wizard and it would be on the default (i.e., define a new trusted network and default for everyone else), and another time it was disabled. Not sure how this works, and would appreciate a simple explanation for when a Linksys router is being used.

Thanks for your continued help getting this set up.

Can you state what your Firewall settings are at the moment? Is it set to Safe Mode, Custom Policy Mode…etc…?

Can you show a screenshot of your Global Rules? They can be found under Firewall → Advanced → Network Security Policy. What version of CIS are you using?